Collecting Endpoint Logs with Elastic Agent

Рет қаралды 6,858

Күн бұрын

Пікірлер: 24

@Angry.Hippie 9 ай бұрын

This video series has been a great help in getting me hands on experience for the CySA+ cert. Wouldn't of been able to install an agent on my computer without it!

@security-onion 9 ай бұрын

Thanks, glad to help!

@fuzzyEuclid 10 ай бұрын

Thank you for the quick look! I'd love to see a basic osquery video :)

@waseemalkurdi759 Ай бұрын

Thank you, It's very useful video.

@security-onion Ай бұрын

Thanks, glad you like it!

@subhuman7478 9 ай бұрын

I would also love to see an osquery video. A strelka one would be great too.

@taraskobilskiy6538 10 ай бұрын

Thank you for the video

@security-onion 9 ай бұрын

You're welcome!

@calmeidazim 10 ай бұрын

Thank you, just in the time :)

@security-onion 9 ай бұрын

You're welcome!

@edvloesungen 5 ай бұрын

Thank you very much!

@security-onion 5 ай бұрын

You're welcome!

@CageYim 6 ай бұрын

I saw "Evaluation installs and Import installs do not support remote elastic agents. The links below are shown for demonstration purposes only." after I installed the eval version security onion following your installation guide video, is that means I have to install to other mode? Thank you.

@security-onion 6 ай бұрын

If you want to deploy the Elastic Agent to remote devices, then you will need to install in STANDALONE mode or do a full distributed deployment. For more information, please see the documentation at docs.securityonion.net/en/2.4/architecture.html. If you have further questions or problems, please start a new discussion at securityonion.com/discuss. Thanks!

@CageYim 6 ай бұрын

@@security-onion Thank you very much. Let me try again.

@zapphoddbubbahbrox5681 7 ай бұрын

somehow SYSMON integration not working or showing up as an integration for a windows box. i'd added SYSMON to the node after the agent was enrolled. does this require removal (big pains here also, it won't properly remove)? Would be great to have a guide for this. Also for Linux SYSMON

@security-onion 7 ай бұрын

If you have questions or problems, please start a new discussion at securityonion.com/discuss

@JamesHazell-b2p 9 ай бұрын

Great information. Is there a video to port Cisco switch log files to SO ?

@security-onion 9 ай бұрын

Please see the Cisco IOS integration at docs.elastic.co/integrations/cisco_ios and our docs at docs.securityonion.net/en/2.4/elastic-fleet.html#elastic-fleet and docs.securityonion.net/en/2.4/elastic-agent.html. If you have further questions or problems, please start a new discussion at securityonion.com/discuss

@fuzzyEuclid 6 ай бұрын

An osquery video would be awesome :)